Skip to Main content Skip to Navigation
Conference papers

Evaluating the Impact of Traffic Sampling on AATAC's DDoS Detection

Gilles Roudiere 1 Philippe Owezarski 1
1 LAAS-SARA - Équipe Services et Architectures pour Réseaux Avancés
LAAS - Laboratoire d'analyse et d'architecture des systèmes
Abstract : As Distributed Denial of Service (DDoS) attack are still a severe threat for the Internet stakeholders, they should be detected with efficient tools meeting industrial requirements. In a previous paper, we introduced the AATAC detector, which showed its ability to accurately detect DDoS attacks in real time on full traffic, while being able to cope with the several constraints due to an industrial operation. However, in a realistic scenario, network monitoring is done using sampled traffic. Such sampling may impact the detection accuracy or the pertinence of produced results. Consequently, in this paper, we evaluate AATAC over sampled traffic. We use five different count-based or time-based sampling techniques, and show that AATAC's resources consumption is in general greatly reduced with little to no impact on the detection accuracy. Obtained results are succinctly compared with those from FastNetMon, an open-source threshold-based DDoS detector.
Document type :
Conference papers
Complete list of metadata

Cited literature [13 references]  Display  Hide  Download
Contributor : Philippe Owezarski <>
Submitted on : Thursday, August 30, 2018 - 5:07:51 PM
Last modification on : Thursday, June 10, 2021 - 3:02:36 AM


sampling (1).pdf
Files produced by the author(s)



Gilles Roudiere, Philippe Owezarski. Evaluating the Impact of Traffic Sampling on AATAC's DDoS Detection. Workshop on Traffic Measurements for Cybersecurity (2018 WTMC), Aug 2018, Budapest, Hungary. pp.27-32, ⟨10.1145/3229598.3229605⟩. ⟨hal-01862765⟩



Record views


Files downloads